Snort mailing list archives

SNORT and dropping spoofed packets


From: Ameen Al-Azzawi via Snort-sigs <snort-sigs () lists snort org>
Date: Fri, 14 Jan 2022 23:12:17 +0100

Hi everyone,

I have attached a pic of my topology (hopefully it goes through this
mailing list).

The topology represents the basic structure of DS-Lite technology.
An IPIP6 tunnel has been built between the B4 & AFTR machines.

I have an attacking scenario and want to mitigate it.
I am sending (through my attacker machine) a crafted IPv4-in-IPv6 packet
while spoofing the IP address of the B4 router
(2001:db8:0:1::2).
The target is the AFTR ens34 interface.

I have installed and configured snort to work in INLINE mode on the AFTR
machine.

The question is: what kind of rule should I use?
Is it even possible with SNORT?

Regards
Ameen
